Trouble with win_package
480 views
Skip to first unread message
Dimitri Yioulos
Feb 14, 2018, 1:16:43 PM2/14/18
to Ansible Project
All,
I'm running version 2.3 (can't update to 2.4 just yet) and, despite what should be super stupid simple, I've never been able to get win_package to work. I've changed up my win_package play in every conceivable way, but no joy. Here's my basic set-up, which is taken directly from the doc:
---
- hosts: all gather_facts: false
tasks:
- name: install hotfix kb3140245 win_package: path: C:\temp\windows6.1-kb3140245-x64_5b067ffb69a94a6e5f9da89ce88c658e52a0dec0.msu' product_id: 'MicrosoftTLS' arguments: '/quiet /norestart' state: presentHere's the error I get:
fatal: [acampos10]: FAILED! => {"changed": false, "failed": true, "msg": "The given Path (C:\\temp\\windows6.1-kb3140245-x64_5b067ffb69a94a6e5f9da89ce88c658e52a0dec0.msu') could not be found", "name": "C:\\temp\\windows6.1-kb3140245-x64_5b067ffb69a94a6e5f9da89ce88c658e52a0dec0.msu'"}
OK, so it looks like the backslashes are causing the problem. But, I've tried many things to account for that, without success. Would someone be kind enough to point out what I'm doing wrong?
Thanks.
Dimitri Yioulos
Feb 14, 2018, 1:25:04 PM2/14/18
to Ansible Project
path should read:
path: C:\temp\windows6.1-kb3140245-x64_5b067ffb69a94a6e5f9da89ce88c658e52a0dec0.msu
Jordan Borean
Feb 14, 2018, 1:46:50 PM2/14/18
to Ansible Project
There are a few issues you will come across;
* You figured out that the path shouldn't have the end single quote, unless you are start the path with a single quote. No need to escape the backslashes unless you enclose it in double quotes
* While you specify the path as .msu, win_package doesn't have any smarts in place to automatically use wusa.exe to install the hotfix, you need to modify the path and arguments to use wusa.exe
* There is the win_hotfix module in 2.4 but this isn't available for Server 2008, 2008 R2 without lots of messing around so for this hotfix it probably won't matter but I've included an example anyway
The final issue is that on a WinRM process any access to the Windows Update API like wusa.exe will fail with access is denied, you need to escape the Network Logon process to get it working, there are multiple ways of doing this currently
* Use Ansible and become to become an interactive process, while this was added in 2.3 it was experimental and only worked in certain situations. I would recommend you upgrade to 2.5 when it is out as it is no longer experimental and quite easy to use
* Use a scheduled task to run the process, this works but it quite cumbersome to setup and run so I won't give an example
* Use psexec and the win_psexec module, it requires the psexec executable downloaded onto the host and chocolately can do that for you
Because you are on an older Ansible version the psexec option will be the easiest way for you to move forward so I recommend you look into that.
* You figured out that the path shouldn't have the end single quote, unless you are start the path with a single quote. No need to escape the backslashes unless you enclose it in double quotes
* While you specify the path as .msu, win_package doesn't have any smarts in place to automatically use wusa.exe to install the hotfix, you need to modify the path and arguments to use wusa.exe
* There is the win_hotfix module in 2.4 but this isn't available for Server 2008, 2008 R2 without lots of messing around so for this hotfix it probably won't matter but I've included an example anyway
The final issue is that on a WinRM process any access to the Windows Update API like wusa.exe will fail with access is denied, you need to escape the Network Logon process to get it working, there are multiple ways of doing this currently
* Use Ansible and become to become an interactive process, while this was added in 2.3 it was experimental and only worked in certain situations. I would recommend you upgrade to 2.5 when it is out as it is no longer experimental and quite easy to use
* Use a scheduled task to run the process, this works but it quite cumbersome to setup and run so I won't give an example
* Use psexec and the win_psexec module, it requires the psexec executable downloaded onto the host and chocolately can do that for you
Because you are on an older Ansible version the psexec option will be the easiest way for you to move forward so I recommend you look into that.
# on 2.5 you could do the following for most Windows hosts
- name: install hotfix KB3140245
win_package:
path: C:\Windows\System32\wusa.exe
arguments: C:\temp\windows6.1-kb3140245-x64_5b067ffb69a94a6e5f9da89ce88c658e52a0dec0.msu /quiet /norestart
product_id: MicrosoftTLS
state: present
register: hotfix_install
become: yes
become_method: runas
become_user: SYSTEM
- name: reboot if required
win_reboot:
when: hotfix_install.reboot_required
# or from 2.4 onwards and Server 2012 or newer you can use win_hotfix (I know this is for Server 2008 R2 but keeping it here as an example for other updates)
- name: install hotfix KB3140245
win_hotfix:
path: C:\temp\windows6.1-kb3140245-x64_5b067ffb69a94a6e5f9da89ce88c658e52a0dec0.msu
hotfix_kb: KB3140245
state: present
register: hotfix_install
- name: reboot host if required
win_reboot:
when: hotfix_install.reboot_required
# finally if you cannot upgrade Ansible versions, you can get it working with psexec by running these tasks
- name: make sure psexec is installed locally
win_chocolatey:
name: psexec
state: present
- name: check if hotfix KB3140245 is installed
win_shell: if (Get-Hotfix -Id KB3140245 -ErrorAction SilentlyContinue) { "true" } else { "false" }
register: hotfix_installed
- name: install hotfix if not installed
win_psexec:
command: C:\Windows\System32\wusa.exe C:\temp\windows6.1-kb3140245-x64_5b067ffb69a94a6e5f9da89ce88c658e52a0dec0.msu /quiet /norestart
system: yes
register: hotfix_install_out
failed_when: hotfix_install_out.rc not in [0, 3010]
when: hotfix_installed.stdout_lines[0] == "false"
- name: reboot system if required
win_reboot:
when: hotfix_install_out.rc == 3010
Thanks
Jordan
Reply all
Reply to author
Forward
0 new messages